41130 commits

Author SHA1 Message Date
Tri Vo
99f88846ff credstore: Add missing permissions
Bug: 261214100
Test: CtsIdentityTestCases
Change-Id: I6a70ed279f65d1cb4bfa0d53fa0e0f25d00d44b5
2023-01-17 16:07:19 -08:00
Lorenzo Colitti
b8194ca7fb Merge "Update SEPolicy for Tetheroffload AIDL" 2023-01-18 00:04:51 +00:00
Jiakai Zhang
5a6771ccb7 Allow artd to create dirs and files for artifacts before restorecon. am: 7789460457
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2388476

Change-Id: I721371609f28e093b6bf082feb8a64adc0fe2779
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-17 19:26:42 +00:00
Jiakai Zhang
7789460457 Allow artd to create dirs and files for artifacts before restorecon.
Bug: 262230400
Test: -
  1. Remove the "oat" directory of an app.
  2. Dexopt the app using ART Service.
  3. See no SELinux denials.
Change-Id: I717073b0172083d73a1b84e5c2bea59076663b2f
2023-01-18 01:07:49 +08:00
Orion Hodson
c09e7e4674 Additional sepolicy rules for dex2oat
Enable reading vendor overlay files and /proc.

Fix: 187016929
Test: m
Change-Id: I7df17b4fcc8a449abe2af4bc8394d0224243799c
2023-01-17 15:43:58 +00:00
Treehugger Robot
6ec18d5439 Merge "Allow all system properties with the "pm.dexopt." prefix." am: cc39bf74f1
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2388475

Change-Id: Id90a1a0caa594483611374cb187c6b32e887ef53
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-17 02:08:06 +00:00
Treehugger Robot
cc39bf74f1 Merge "Allow all system properties with the "pm.dexopt." prefix." 2023-01-17 01:24:34 +00:00
Jiakai Zhang
cda13660d7 Allow all system properties with the "pm.dexopt." prefix.
We use this as a namespace of all system properties used by ART Service.
As ART Service is in the updatable ART module, we need to be able to add
new properties.

Bug: 256639711
Test: Presubmit
Change-Id: Idcee583abccef9c0807699122074eb26927ca57b
2023-01-16 21:24:07 +08:00
Changyeon Jo
edf5420830 Modify the automotive display service file context
The automotive display service is moved to /system_ext partition.

Bug: 246656948
Test: Build selinux policy for aosp_cf_x86_64_only_auto target.
      > lunch aosp_cf_x86_64_only_auto-userdebug
      > m -j selinux_policy
Change-Id: If822e54aa99053c1aaee9f41d067860ea965c2f2
2023-01-15 01:31:09 +00:00
Treehugger Robot
f18c34bfdf Merge "dontaudit crosvm reading VM's pipe" am: fa767b0e4a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2385815

Change-Id: I4eb2bc22ab9b122bae111003af66e5fc008d0d75
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-14 00:38:22 +00:00
Treehugger Robot
fa767b0e4a Merge "dontaudit crosvm reading VM's pipe" 2023-01-14 00:14:23 +00:00
Tri Vo
58a2792951 Merge "Add rkpdapp access to remote_prov_prop" am: 9a63dcb2ee
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2386552

Change-Id: Iecc85a4f3ab6a3cf97cd603097f961b3f4d13dba
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-13 18:53:18 +00:00
Tri Vo
9a63dcb2ee Merge "Add rkpdapp access to remote_prov_prop" 2023-01-13 18:16:19 +00:00
David Brazdil
8cfd50806d Merge "virtualizationservice: Allow checking permissions" am: 28e9b97993
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2384139

Change-Id: Ic1f358083895f4ed26cc6ce4f51cd17106b86dea
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-13 13:46:47 +00:00
David Brazdil
28e9b97993 Merge "virtualizationservice: Allow checking permissions" 2023-01-13 13:00:48 +00:00
Treehugger Robot
7cf7012262 Merge "refactor: get_prop(bpfdomain, bpf_progs_loaded_prop)" am: c8882d3e23
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2378568

Change-Id: I688bc3d34cf4a4f5c2a28a9cec276ea2ecb8eba5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-13 11:55:44 +00:00
Treehugger Robot
c8882d3e23 Merge "refactor: get_prop(bpfdomain, bpf_progs_loaded_prop)" 2023-01-13 11:27:11 +00:00
Xin Li
decaa94957 Merge "Merge tm-qpr-dev-plus-aosp-without-vendor@9467136" into stage-aosp-master 2023-01-13 07:32:38 +00:00
Akilesh Kailash
80f0ea6835 Merge "Allow files to be created /metadata/ota" am: bae423e9c5
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2372289

Change-Id: I2673528b63211e9b2a29de604ad415d86879d93a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-13 07:08:37 +00:00
Akilesh Kailash
bae423e9c5 Merge "Allow files to be created /metadata/ota" 2023-01-13 06:35:33 +00:00
Inseob Kim
42798af0cb dontaudit crosvm reading VM's pipe
Bug: 238593451
Test: boot microdroid and see console
Change-Id: I46712759240a9f091936c6a81bb02679c267b8b8
2023-01-13 14:08:16 +09:00
David Brazdil
ccf9164abc virtualizationservice: Allow checking permissions
Bug: 245727626
Test: atest -p packages/modules/Virtualization:avf-presubmit
Change-Id: Ia49d7db3edeb465fd8b851aed8646964ee6f5af2
2023-01-12 21:10:33 +00:00
Henri Chataing
9ff3423527 Add missing permissions for default bluetooth hal
Test: launch_cvd
Bug: 205758693
Change-Id: Ie55352bbe48c5eef281a293bedc5aa057f5dcdad
Merged-In: Ie55352bbe48c5eef281a293bedc5aa057f5dcdad
2023-01-12 19:02:57 +00:00
Tri Vo
7b9b6a04ed Add rkpdapp access to remote_prov_prop
Test: presubmit
Change-Id: I7f4593e580f9d762a38b6e1b3e9db7c74e3eb984
2023-01-12 09:50:28 -08:00
Xin Li
0ba8f8934a Merge tm-qpr-dev-plus-aosp-without-vendor@9467136
Bug: 264720040
Merged-In: Id5f052116834034a9e4fd5c3adf17d3d7ef6610a
Change-Id: I84e152300ba7ece94e47e270eba1d7280a72343a
2023-01-11 22:47:37 -08:00
Thomas Nguyen
8e04681736 Add IRadioSatellite context am: 3445819d5a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2380860

Change-Id: I41fe6b0d7afcd4602d2c18e132447786c438e001
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-12 04:18:33 +00:00
Thomas Nguyen
3445819d5a Add IRadioSatellite context
Bug: 260644201
Test: atest VtsHalRadioTargetTes

Change-Id: I43555e1f076cdf96fb0b7805cd664d7ba6798aec
2023-01-10 18:27:41 +00:00
Nathalie Le Clair
b1b7c91270 Merge "HDMI: Refactor HDMI packages" am: 98e20da831
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2353483

Change-Id: I5d75c68fca80f9b53c07e935d536fe02a39284e7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-10 17:20:15 +00:00
Nathalie Le Clair
98e20da831 Merge "HDMI: Refactor HDMI packages" 2023-01-10 17:05:17 +00:00
Kalesh Singh
9af7c1de29 Merge "suspend: Allow access to /sys/power/wake_[un]lock" am: 460c2ac995
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2356622

Change-Id: If7de5ee4c5e6ba40c642082b10d4bb2601f87a65
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-09 18:31:14 +00:00
Kalesh Singh
460c2ac995 Merge "suspend: Allow access to /sys/power/wake_[un]lock" 2023-01-09 17:55:09 +00:00
Alan Stokes
68e71fbf5c Suppress harmless denial am: c5b914670f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2376230

Change-Id: Ib87f8ba8d500c26c9fab36741ee76c2b1caef681
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-09 14:02:01 +00:00
Alan Stokes
c5b914670f Suppress harmless denial
Commit 2d736569e716b5c143f296ae124bcfed9630a4d2 improved the logging
in virtualization service by attempting to get the real path from
/proc/self/fd/N for various files.

However, CompOS stores its log files in a directory
(/data/misc/apexdata/...) which VS has no access to, triggering an
SELinux denial:

avc: denied { search } for name="apexdata"
scontext=u:r:virtualizationmanager:s0
tcontext=u:object_r:apex_module_data_file:s0 tclass=dir

Suppress this denial, since it causes no harm (we just don't log the
real path).

Bug: 264496291
Bug: 251751405
Test: composd_cmd test-compile;
 see no denials
Change-Id: Ia55e593c0c0735b8f3085a964f0c789c177375f2
2023-01-09 11:34:52 +00:00
Thiébaud Weksteen
f47e6de96d Merge "Grant SIGTERM and SIGKILL to dumpstate on incident" am: d03656b281
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2375249

Change-Id: I29c10889e5a9863b37ab445f846591e1e831ce88
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-09 02:39:28 +00:00
Thiébaud Weksteen
d03656b281 Merge "Grant SIGTERM and SIGKILL to dumpstate on incident" 2023-01-09 02:02:48 +00:00
Bill Yi
049fe7679e [automerger skipped] Merge "Merge TQ1A.230105.002 to aosp-master - DO NOT MERGE" am: 8c544a4c73 -s ours am: 4fbbfc5637 -s ours
am skip reason: Merged-In I9acac60411da6eee86246a9e375b35dfb61691d1 with SHA-1 95b80b7322 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2376450

Change-Id: I6b0f2b807e977a138c05274da5ed05fbe6c72869
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-06 20:26:31 +00:00
Bill Yi
874f67eb98 [automerger skipped] Merge TQ1A.230105.002 to aosp-master - DO NOT MERGE am: 15ee6d11bc -s ours am: 83e9ec7b78 -s ours
am skip reason: Merged-In I9acac60411da6eee86246a9e375b35dfb61691d1 with SHA-1 95b80b7322 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2376450

Change-Id: I350cd059db6403877442cc6c0ac78b6c7424ebaf
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-06 20:26:05 +00:00
Bill Yi
4fbbfc5637 [automerger skipped] Merge "Merge TQ1A.230105.002 to aosp-master - DO NOT MERGE" am: 8c544a4c73 -s ours
am skip reason: Merged-In I9acac60411da6eee86246a9e375b35dfb61691d1 with SHA-1 95b80b7322 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2376450

Change-Id: Ic2f14f1a888ca779bd2051e342db9c4d38b48914
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-06 20:00:30 +00:00
Bill Yi
83e9ec7b78 [automerger skipped] Merge TQ1A.230105.002 to aosp-master - DO NOT MERGE am: 15ee6d11bc -s ours
am skip reason: Merged-In I9acac60411da6eee86246a9e375b35dfb61691d1 with SHA-1 95b80b7322 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2376450

Change-Id: I55b9499601ef14fbfc47867bf9501d694c15e1e3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-06 20:00:03 +00:00
Bill Yi
8c544a4c73 Merge "Merge TQ1A.230105.002 to aosp-master - DO NOT MERGE" 2023-01-06 19:33:52 +00:00
David Brazdil
3f1b27afa6 Merge "Start using virtmgr for running VMs" am: 2cfd7d5e4b am: 2de678977a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2367809

Change-Id: I8e3305438b002a4a4963c71dbbacfe56728d4a04
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-06 17:15:56 +00:00
David Brazdil
2de678977a Merge "Start using virtmgr for running VMs" am: 2cfd7d5e4b
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2367809

Change-Id: Id29260cd0d23e3908833b0d903957402210ca224
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-06 16:44:06 +00:00
David Brazdil
2cfd7d5e4b Merge "Start using virtmgr for running VMs" 2023-01-06 16:13:32 +00:00
Bill Yi
15ee6d11bc Merge TQ1A.230105.002 to aosp-master - DO NOT MERGE
Merged-In: I9acac60411da6eee86246a9e375b35dfb61691d1
Merged-In: If343dba5dae2821fa345135abafb891e85be5574
Change-Id: Ia868a5a11f13d47bf11fbb21b3d5cee12d7c8c99
2023-01-06 07:13:50 -08:00
Maciej Żenczykowski
60f4a34544 refactor: get_prop(bpfdomain, bpf_progs_loaded_prop)
Based on:
  cs/p:aosp-master -file:prebuilts/ get_prop.*bpf_progs_loaded_prop

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: If07026b1ea5753a82401a62349c494b4cbf699b6
2023-01-06 10:09:33 +00:00
Shikha Panwar
992245d1b2 Allow MM to open/syncfs/close encryptedstore dir
Microdroid Manager needs these permissions to sync the encryptedstore
filesystem.

Test: Builds
Test: Check selinux denials in logs
Change-Id: Iee020ae653f5d42af086ca91068e3df52c992305
2023-01-06 08:57:02 +00:00
Bill Yi
208a7aaadd [automerger skipped] Merge "Merge TQ1A.230105.002 to stage-aosp-master - DO NOT MERGE" into stage-aosp-master am: d0acca7852 -s ours
am skip reason: Merged-In I5d03241b079692da856025a33b24013728fa0e57 with SHA-1 923a805f7c is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/20873138

Change-Id: Iea3f06f237b708bc240d6b3d7242b65d80cf699d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-06 07:33:24 +00:00
Bill Yi
bd1b3c9777 [automerger skipped] Merge TQ1A.230105.002 to stage-aosp-master - DO NOT MERGE am: 537945aaec -s ours
am skip reason: Merged-In I5d03241b079692da856025a33b24013728fa0e57 with SHA-1 923a805f7c is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/20873138

Change-Id: Ib43859e575a8b3488e5b84b39879ab27d9e986ff
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-06 07:32:55 +00:00
Bill Yi
d0acca7852 Merge "Merge TQ1A.230105.002 to stage-aosp-master - DO NOT MERGE" into stage-aosp-master 2023-01-06 07:01:01 +00:00
Treehugger Robot
1c650edd1a Merge "Add newline between contexts inputs" am: 17ac4a53f8 am: 95b80b7322
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2375548

Change-Id: If343dba5dae2821fa345135abafb891e85be5574
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-01-06 03:41:07 +00:00